authorChristian Pointner <equinox@spreadspace.org>2022-01-07 14:42:36 +0100
committerChristian Pointner <equinox@spreadspace.org>2022-01-08 20:54:08 +0100
commitbf327db4ff4e5185f84df50678f488665a3d404e (patch)
treeb3bf68566b238e4422492eecde7f442ce29336c5
parentupdate zsh config (diff)
nftables/base: initial commit
-rw-r--r--roles/network/nftables/base/handlers/main.yml5
-rw-r--r--roles/network/nftables/base/tasks/main.yml26
2 files changed, 31 insertions, 0 deletions
diff --git a/roles/network/nftables/base/handlers/main.yml b/roles/network/nftables/base/handlers/main.yml
new file mode 100644
index 00000000..bda10bdc
--- /dev/null
+++ b/roles/network/nftables/base/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: reload nftables
+ service:
+ name: nftables
+ state: reloaded
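Review bot: The handler drives the unit through `service:` with `name: nftables`, while the tasks file in the same commit manages the very same unit through `systemd:` with `name: nftables.service`; picking one module and one spelling of the unit name for both places keeps the role consistent and easier to grep. The `state: reloaded` path also presumes the unit defines an ExecReload; Debian's nftables.service is believed to, but that is worth confirming for every distribution the role targets, since otherwise the handler fails rather than reloading.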
diff --git a/roles/network/nftables/base/tasks/main.yml b/roles/network/nftables/base/tasks/main.yml
new file mode 100644
index 00000000..46c7d0b5
--- /dev/null
+++ b/roles/network/nftables/base/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+- name: install nftables
+ apt:
+ name: nftables
+
+- name: create include base directory
+ file:
+ path: /etc/nftables.d
+ state: directory
+
+- name: generate base nft script
+ copy:
+ content: |
+ #!/usr/sbin/nft -f
+
+ # Ansible managed
+ flush ruleset
+ include "/etc/nftables.d/*.nft"
+ dest: /etc/nftables.conf
+ notify: reload nftables
+
+- name: make sure nftables systemd service unit is enabled and started
+ systemd:
+ name: nftables.service
+ state: started
+ enabled: yes
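Review bot: The script written under `content: |` runs `flush ruleset` and then only includes `/etc/nftables.d/*.nft`, so on a host where that directory is still empty (the first run of this role, or a host no fragment role has touched yet) the service comes up with an empty ruleset, which accepts every packet; a line in the generated script such as `# no rules of its own: with an empty /etc/nftables.d the loaded ruleset accepts everything` would make that explicit for whoever adds fragments. Because the file is installed by `copy`, adding `validate: nft -c -f %s` to that task would reject a syntax error in the base script or in an included fragment before the file replaces `/etc/nftables.conf`, instead of surfacing it only when the `reload nftables` handler runs at the end of the play; this presumes the play runs as root, which `apt` already requires. Separately, `enabled: yes` on the last task should be `enabled: true`, the only boolean spelling yamllint's truthy rule accepts.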